CVE-2020-35135: Changeset 2434070 – WordPress Plugin Repository
The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF.
Timestamp: 12/08/2020 12:29:27 PM (20 months ago)
Author: Marios Alexandrou
Message: Addressed minor vulnerability reported by SCA AppSec.
Location: ultimate-category-excluder/trunk
Files:
- readme.txt (1 diff)
- ultimate-category-excluder.php (3 diffs)
ultimate-category-excluder/trunk/readme.txt
r2364782
r2434070
32
32
33
33
\== Changelog ==
34
35
\= 1.2 =
36
\* Addressed minor vulnerability reported by SCA AppSec. If concerned, review your UCE category settings to ensure they are set as expected.
34
37
35
38
\= 1.1 =
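Review bot: the new 1.2 changelog entry says only "minor vulnerability" and names neither the issue class nor the affected screen. The fix in ultimate-category-excluder.php is a nonce check on the settings form, so the entry should say that (for example "Added nonce verification to the settings form to prevent CSRF"). As written, an admin told to "review your UCE category settings" has no way to tell that the exposure was an unwanted settings change submitted through their own logged-in session.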
ultimate-category-excluder/trunk/ultimate-category-excluder.php
r1490271
r2434070
2
2
/\*
3
3
Plugin Name: Ultimate Category Excluder
4
Version: 1.1
4
Version: 1.2
5
5
Plugin URI: http://infolific.com/technology/software-worth-using/ultimate-category-excluder/
6
6
Description: Easily exclude categories from your front page, feeds, archives, and search results.
…
…
42
42
43
43
function ksuce\_options\_page() {
44
if( isset( $\_POST\[ 'ksuce' \] ) ) { $message = ksuce\_process(); }
44
if( isset( $\_POST\[ 'ksuce' \] ) ) {
45
check\_admin\_referer( 'uce\_form' );
46
$message = ksuce\_process();
47
}
45
48
$options = ksuce\_get\_options();
46
49
?>
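Review bot: in ksuce_options_page() the nonce check is placed in the caller, not in ksuce_process(), so the function that handles the POST stays unprotected if it is ever reached from another path. Move check_admin_referer( 'uce_form' ) to the top of ksuce_process(), or confirm that this is its only call site. The visible lines also show no capability check before processing; a test such as current_user_can( 'manage_options' ) beside the nonce check would make the handler self-contained instead of depending on whatever gates access to the page.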
…
…
50
53
<p><?php \_e( 'Use this page to select the categories you wish to exclude and where you would like to exclude them from.', 'UCE' ); ?></p>
51
54
<form action="options-general.php?page=ultimate-category-excluder.php" method="post">
55
<?php wp\_nonce\_field( 'uce\_form' ); ?>
52
56
<table class="widefat">
53
57
<thead>
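Review bot: the 'uce_form' action in wp_nonce_field( 'uce_form' ) is a second hard-coded copy of the literal passed to check_admin_referer() in ksuce_options_page(). If one is renamed and the other is not, every save fails the nonce check. Define the action string once (a constant or a small helper) and use it in both places.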